After a user has logged in interactively, a downstream non-browser application can request the status of that user's session via a back-channel request.

Ubisecure SSO includes the /uas/status endpoint for this purpose.

OAuth id_tokens contain the Ubisecure extension session_index, which can be used to resolve the current SSO session status for a given user session.

Step-by-step guide


  1. For the request, you need the EntityID of the SAML2 application or the client_id of the OAuth2 application.

  2. The id_token and the userinfo response contain an OAuth2 extension claim called session_index. Pass this session_index value to the non-interactive application, which then calls the /uas/status endpoint in the back channel using the sessionIndex and entityID parameters.
    The session_index value cannot be used to retrieve user information, only to find out whether a valid session exists.

    e.g.

    https://XXXXXX.example.com/uas/status?entityID={client_id}&sessionIndex={session_index}&type=application/json

    The response is in JSON format by default. Other formats are supported by sending the query parameter "type" with the value "application/xml" or "application/json" for XML or JSON respectively.

  3. If there is a session, the request and response look like this:

    Request
    https://mno.ubidemo.com/uas/status?entityID=c495bb59-f0ae-430a-9830-ca8228aa58fe&sessionIndex=_d6ee2628b0d493809650c06b2653083511d6e474

    The response is in JSON format:

    Response
    {
      "valid": true,
      "issueInstant": 1499433097694,
      "refresh": false,
      "entityID": "c495bb59-f0ae-430a-9830-ca8228aa58fe",
      "sessionIndex": "_d6ee2628b0d493809650c06b2653083511d6e474",
      "sessionNotOnOrAfter": 1499436584471,
      "authnInstant": 1499432984462
    }
  4. If you include the refresh parameter, the user session is extended:

    Request
    https://mno.ubidemo.com/uas/status?entityID=c495bb59-f0ae-430a-9830-ca8228aa58fe&sessionIndex=_d6ee2628b0d493809650c06b2653083511d6e474&refresh=true

    Notice how the sessionNotOnOrAfter value increases in the response.

    Response
    {
      "valid": true,
      "issueInstant": 1499433264743,
      "refresh": true,
      "entityID": "c495bb59-f0ae-430a-9830-ca8228aa58fe",
      "sessionIndex": "_d6ee2628b0d493809650c06b2653083511d6e474",
      "sessionNotOnOrAfter": 1499436864743,
      "authnInstant": 1499432984462
    }
  5. If there is no session, the message looks like this:

    Invalid session response
    {
      "valid": false,
      "issueInstant": 1495183121690
    }
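The back-channel check described in the steps above, written out as an added example (this is not Ubisecure's own code). It assumes the placeholder host https://XXXXXX.example.com and a plain HTTPS GET as transport; the sample responses are the ones shown on this page. Besides the server's valid flag it also compares sessionNotOnOrAfter with the current time, so a caller can cache the answer until expiry instead of polling on every request.

```python
import json
import time
import urllib.parse
import urllib.request

# Responses as shown on this page, kept here as constructed fixtures.
SAMPLE_VALID = {
    "valid": True,
    "issueInstant": 1499433097694,
    "refresh": False,
    "entityID": "c495bb59-f0ae-430a-9830-ca8228aa58fe",
    "sessionIndex": "_d6ee2628b0d493809650c06b2653083511d6e474",
    "sessionNotOnOrAfter": 1499436584471,
    "authnInstant": 1499432984462,
}
SAMPLE_INVALID = {"valid": False, "issueInstant": 1495183121690}

def build_status_url(base_url, entity_id, session_index, refresh=False):
    """Build the /uas/status back-channel URL; all values are URL-encoded."""
    params = {"entityID": entity_id, "sessionIndex": session_index,
              "type": "application/json"}
    if refresh:
        params["refresh"] = "true"  # asks the server to extend the SSO session
    return base_url.rstrip("/") + "/uas/status?" + urllib.parse.urlencode(params)

def evaluate_status(response, now_ms=None):
    """Return (is_valid, seconds_remaining); timestamps are epoch milliseconds.
    Invalid when the server says so, when no expiry is present, or when
    sessionNotOnOrAfter has been reached; seconds_remaining bounds any caching."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    expires_ms = response.get("sessionNotOnOrAfter")
    if not response.get("valid") or expires_ms is None:
        return False, 0.0
    remaining = (expires_ms - now_ms) / 1000
    return remaining > 0, max(remaining, 0.0)

def _http_get(url, timeout=5):
    """Default transport (assumed): HTTPS GET returning the body as text."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def check_session(base_url, entity_id, session_index, refresh=False, fetch=_http_get):
    """Query /uas/status and evaluate the answer; fetch is injectable for testing."""
    url = build_status_url(base_url, entity_id, session_index, refresh)
    return evaluate_status(json.loads(fetch(url)))
```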

Consider system performance when deciding when and how often to make such requests, so that they do not create unnecessary load.
